BEA WebLogic Commerce Server Release 3.1.1 with SP1 Documentation ...
... e-commerce applications using the Java language and Sun Microsystems, ... 
An Enterprise JavaBean that represents persistent data in an underlying data ... 
e-docs.bea.com/wlcs/docs31/interm/glossary.htm - 73k - Cached - Similar pages 

An Introduction to Java Servlets 

... features of the Servlet API is its support for persistent data. ... Instances of 
this class can hold information for one user session between requests. ... 
www.devarticles.com/c/a/Java/An-Introduction-to-Java-Servlets/6/ - 104k - Cached - Similar pages

Assessing the Security of Your Web Applications 
... This is especially true in the e-commerce environment, where standard ... 
modify or otherwise exploit the information related to another user's session. ... 
www.linuxjournal.com/node/3855/print - 20k - Cached - Similar pages 

Assessing the Security of Your Web Applications | Linux Journal 
... modify or otherwise exploit the information related to another user's session. 
... Non-persistent cookies are stored in the web browser's memory. ... 
www.linuxjournal.com/article/3855 - 41k - Cached - Similar pages

Imperva's SecureSphere v2 stops known and unknown attacks on ...
... Improved Correlated Attack Validation - Persistent Learning ... that are
suspicious, but by themselves not obvious attacks, by user session over time. ...
www.imperva.com/company/news/2004-feb-17.html - 27k - Cached - Similar pages
File Format: Microsoft Powerpoint 97 - View as HTML

... Client-server connection for user session, eg File system, SQL, Active Directory 
... KDC validation for S4U2self. Trusted-to-Authenticate-for-Delegation ... 
web.mit.edu/pismere/presentations/ teched2002/new-ms-kerberos-extensions.ppt - Similar pages 

Make It and Break It: Preventing Session Hijacking and Cookie ... 
... found that 31 percent of e-commerce applications were vulnerable to cookie 
... persistent data during the HTTP session, as in the following example: ... 
nwc.securitypipeline.com/howto/53701241 - Similar pages 

[DOC] White Paper

File Format: Microsoft Word 2000 - View as HTML 

... to provide authentication services for your e-commerce Web site. ... It also 
sets a cookie that is valid only for the duration of the user session. ... 

www.microsoft.com/commerceserver/techinfo/development/2000/wp_CS2KAuth.doc - May 24, 2005 - Similar pages 
mBLAST Press Release Wire 

... presented by Internet or intranet applications such as e-commerce, online banking, 
... improved Correlated Attack Validation - Persistent Learning ... 
www.mblast.com/wire/releases/0000016783.htm - 9k - Cached - Similar pages 

DEMO press 

... Correlated Attack Validation - Persistent Learning SecureSphere v2 adds Persistent 
... but by themselves not obvious attacks, by user session over time. ...

www.prnewswire.com/.. ./www/story/ 02-17-2004/00021 1 1088&EDATE=Feb+17,+2004 - 11k - Cached - Similar pages
1. Chapter 6 Managing Authentication

... login with a persistent cookie. A persistent cookie is one ... logging in must have Persistent Cookies enabled in theii 
set to Ignore, the user validation will not be done ... 

docs.sun.com/source/817-7647/mangauth.html - 162k - Cached - More from this site 


2. A Guide to Building Secure Web Applications

... Cookies. Persistent vs. Non-Persistent. Secure vs ... Log Management. 10. Data Validation. Validation Strategies. . 
Only ... and Business to Consumer e-commerce, workflow and supply chain ... 
alex.netwindows.org/owasp_jguide/guide.html - 261k - Cached - More from this site

3. http://nwm.securitypipeline.com/shared/article/printableArticleSrc.jhtm
Web app developers can make their applications secure by design by protecting Web authentication from credentials 
eavesdropping, cookie manipulation and session hijacking. ... that 31 percent of e-commerce applications were vulnerat 
cookie ... information, also known as persistent cookies, are stored in ... is associated with the user session of Joe Vile 
nwm.securitypipeline.com/shared/arf - More from this site 

4. Chapter 3 Access Management

... Persistent Cookie. Session Upgrade. Validation Plug-in Interface ... write username or password validation logic sui 
their ... Once the user session is created or upgraded with ... 
docs.sun.com/source/817-7643/3_access.html - 57k - Cached - More from this site

5. Microsoft.com 

... This includes input validation, output encoding, authentication, authorization ... in a classic e-commerce Web site tha 
requires ... they are in persistent stores such as configuration ... 

msdn.microsoft.com/library?url=/library/en-us/secmod/html/secmod83 - 133k - Cached - More from this site

6. Make It and Break It: Preventing Session Hijacking and Cookie Manipulation | Your Web Apps May Be at Risk

Web app developers can make their applications secure by design by protecting Web authentication from credentials 
eavesdropping, cookie manipulation and session hijacking. ... that 31 percent of e-commerce applications were vulnerat 
cookie ... information, also known as persistent cookies, are stored in ... is associated with the user session of Joe Vile 
nwc.securitypipeline.com/53701241 - More from this site 

7. Building Secure ASP.NET Pages and Controls (.NET Framework Security)

This chapter shows you a variety of implementation techniques to improve the security of your ASP.NET Web pages and 
controls. ... Input data validation should be a top consideration when you ... functionality in a classic e-commerce Web ; 
requires ... while they are in persistent stores such as configuration ... 

msdn.microsoft.com/library/en-us/dnnetsec/html/THCMCh10.asp?frame=true - 123k - Cached - More from this site

8. Assessing the Security of Your Web Applications

Assessing the Security of Your Web Applications. By Nalneesh Gaur. Created 2000-04-01 00:00. An outline of key test a 
identify security issues in a web application and provide measures to minimize them. ... especially true in the e-commerc 
environment, where standard practices ... Persistent cookies have an expiration date and are stored ... past, client-side
validation has been used to ... 

www.linuxjournal.com/node/3855/print - 20k - Cached - More from this site 


9. Form State Framework

... be stored into a persistent storage. This is where ... State will setup the proper user session information (ie ... your C 
Card Validation State into other E-commerce sites you are ... 
open.echomine.org/cowiki/16.html - 63k - Cached - More from this site 
10. User Authentication With Apache And PHP

... E-Commerce Hosting. Linux Web Hosting ... involves the creation of a persistent user "session", which stores user
variables ... " Form Validation with JavaScript Regular Expressions (Part 1) ... 

www.devshed.com/c/a/PHP/User-Authentication-With-Apache-And-PHP - 100k - Cached - More from this site
1 Web and e-business application: A framework for automatic generation of web-based data entry applications based on XML
Volker Turau

March 2002 Proceedings of the 2002 ACM symposium on Applied computing

Full text available: pdf(635.47 KB) Additional Information: full citation, abstract, references, citings, index terms


This paper presents a framework for web-based data entry applications. It introduces a 
method for the conceptional and the navigational design based on a textual specification in 
the form of an XML-application. This forms the input to a code generation environment 
allowing for real automated prototyping. The environment produces fully functional 
skeletons for the web pages. Together with the framework classes they can be utilized for 
testing and for requirements review. They also form the starti ... 


Keywords: automated prototyping, frameworks, web-based data entry 


2 Recommender systems in e-commerce 
J. Ben Schafer, Joseph Konstan, John Riedl

November 1999 Proceedings of the 1st ACM conference on Electronic commerce 

Full text available: pdf(112.96 KB) Additional Information: full citation, references, citings, index terms


Keywords: cross-sell, customer loyalty, electronic commerce, interface, mass 
customization, recommender systems, up-sell 


3 Java-based mobile agents
David Wong, Noemi Paciorek, Dana Moore

March 1999 Communications of the ACM, volume 42 issue 3

Full text available: pdf html(31.30 KB) Additional Information: full citation, references, citings, index terms


4 E-commerce: A software framework for matchmaking based on semantic web technology

Lei Li, Ian Horrocks 

May 2003 Proceedings of the 12th international conference on World Wide Web 
Full text available: pdf(170.49 KB) Additional Information: full citation, abstract, references, citings, index terms


An important objective of the Semantic Web is to make Electronic Commerce interactions 
more flexible and automated. To achieve this, standardization of ontologies, message 
content and message protocols will be necessary. In this paper we investigate how Semantic
and Web Services technologies can be used to support service advertisement and discovery 
in e-commerce. In particular, we describe the design and implementation of a service 
matchmaking prototype which uses a DAML-S based ontology and a D ... 

Keywords: ontologies, semantic web, web services 


5 Minimizing the impact of orphan requests in e-commerce services 
E. Kraemer, G. Paixao, D. Guedes, W. Meira, V. Almeida 

September 2000 ACM SIGMETRICS Performance Evaluation Review, Volume 28 issue 2

Full text available: pdf(560.01 KB) Additional Information: full citation, abstract, index terms

The most common problem of an overloaded electronic-commerce server is an increase in 
the response time perceived by customers, who may restart their requests hoping to get a 
faster response, or simply abort them, giving up on the store. Both behaviors generate 
"orphan" requests: although they were received by the server, they should not be answered 
because their requestors have already abandoned them. Orphan requests waste system 
resources, since the server becomes aware of their cancellation o ... 

6 Practitioner reports: Validating structural properties of nested objects 

Darrell Reimer, Edith Schonberg, Kavitha Srinivas, Harini Srinivasan, Julian Dolby, Aaron 
Kershenbaum, Larry Koved 

October 2004 Companion to the 19th annual ACM SIGPLAN conference on Object-oriented programming systems, languages, and applications

Full text available: pdf(308.95 KB) Additional Information: full citation, abstract, references, index terms

Frameworks are widely used to facilitate software reuse and accelerate development time. 
However, there are currently no systematic mechanisms to enforce the explicit and implicit 
rules of these frameworks. This paper focuses on a class of framework rules that place 
restrictions on the properties of data structures in framework applications. We present a 
mechanism to enforce these rules by the use of a generic "bad store template" which can 
be customized for different rule instances. We demon ... 

Keywords: code validation, context sensitive analysis, frameworks 


7 An embedded domain-specific language for type-safe server-side web scripting 
Peter Thiemann 

February 2005 ACM Transactions on Internet Technology (TOIT), volume 5 issue 1

Full text available: pdf(336.60 KB) Additional Information: full citation, abstract, references, index terms

WASH/CGI is an embedded domain-specific language for server-side Web scripting. Due to
its reliance on the strongly typed, purely functional programming language Haskell as a
host language, it is highly flexible and—at the same time—it provides extensive
guarantees due to its pervasive use of type information. WASH/CGI can be structured into a 
number of sublanguages addressing different aspects of the application. The document 
sublanguage provides tools for the generation of parameteri ... 

Keywords: Interactive Web services, Web programming 


8 Engineering web cache consistency 

Jian Yin, Lorenzo Alvisi, Mike Dahlin, Arun Iyengar 

August 2002 ACM Transactions on Internet Technology (TOIT), volume 2 issue 3 


http://portal.acm.org/results.crfm?coll=ACM&dl=ACM&CFID=448^ 


Full text available: pdf(403.96 KB) Additional Information: full citation, abstract, references, citings, index terms

Server-driven consistency protocols can reduce read latency and improve data freshness for 
a given network and server overhead, compared to the traditional consistency protocols 
that rely on client polling. Server-driven consistency protocols appear particularly attractive 
for large-scale dynamic Web workloads because dynamically generated data can change 
rapidly and unpredictably. However, there have been few reports on engineering server- 
driven consistency for such workloads. This article repo ... 

Keywords: Cache coherence, cache consistency, dynamic content, lease, scalability, 
volume 


9 A publish/subscribe CORBA persistent state service prototype
C. Liebig, M. Cilia, M. Betz, A. Buchmann 

April 2000 IFIP/ACM International Conference on Distributed systems platforms 

Full text available: pdf(283.92 KB) Additional Information: full citation, abstract, references, citings

An important class of information dissemination applications requires 1:n communication
and access to persistent datastores. CORBA's new Persistent State Service combined with 
messaging capabilities offer the possibility of efficiently realizing information brokers 
between data sources and CORBA clients. In this paper we present a prototype 
implementation of the PSS that exploits the reliable multicast capabilities of an existing 
middleware platform. This publish/subscribe architecture makes ... 

10 Software security and privacy risks in mobile e-commerce 
Anup K. Ghosh, Tara M. Swaminatha 

February 2001 Communications of the ACM, volume 44 issue 2 
Full text available: pdf(90.58 KB) html(38.81 KB) Additional Information: full citation, references, citings, index terms


11 An Internet-based negotiation server for e-commerce
Stanley Y.W. Su, Chunbo Huang, Joachim Hammer, Yihua Huang, Haifei Li, Liu Wang, Youzhong Liu, Charnyote Pluempitiwiriyawej, Minsoo Lee, Herman Lam

August 2001 The VLDB Journal — The International Journal on Very Large Data Bases, Volume 10 Issue 1

Full text available: pdf(355.19 KB) Additional Information: full citation, abstract, citings, index terms

This paper describes the design and implementation of a replicable, Internet-based 
negotiation server for conducting bargaining-type negotiations between enterprises 
involved in e-commerce and e-business. Enterprises can be buyers and sellers of 
products/services or participants of a complex supply chain engaged in purchasing, 
planning, and scheduling. Multiple copies of our server can be installed to complement the 
services of Web servers. Each enterprise can install or select a trusted negotia ... 

Keywords: Constraint evaluation, Cost-benefit analysis, Database, E-commerce,
Negotiation policy and strategy, Negotiation protocol 


12 Semantic Web Services: Semantic web support for the business-to-business e-commerce lifecycle
David Trastour, Claudio Bartolini, Chris Preist

May 2002 Proceedings of the 11th international conference on World Wide Web

Full text available: pdf(212.04 KB) Additional Information: full citation, abstract, references, citings, index terms

If an e-services approach to electronic commerce is to become widespread, standardisation
of ontologies, message content and message protocols will be necessary. In this paper, we
present a lifecycle of a business-to-business e-commerce interaction, and show how the
Semantic Web can support a service description language that can be used throughout this
lifecycle. By using DAML, we develop a service description language sufficiently expressive
and flexible to be used not only in advertisements, ...

Keywords: DAML, automated negotiation, e-commerce, matchmaking, semantic web, 
service description 


13 The state of the art in locally distributed Web-server systems 
Valeria Cardellini, Emiliano Casalicchio, Michele Colajanni, Philip S. Yu 
June 2002 ACM Computing Surveys (CSUR), volume 34 issue 2 


The overall increase in traffic on the World Wide Web is augmenting user-perceived 
response times from popular Web sites, especially in conjunction with special events. 
System platforms that do not replicate information content cannot provide the needed 
scalability to handle large traffic volumes and to match rapid and dramatic changes in the 
number of clients. The need to improve the performance of Web-based services has 
produced a variety of novel content delivery architectures. This article w ... 

Keywords: Client/server, World Wide Web, cluster-based architectures, dispatching 
algorithms, distributed systems, load balancing, routing mechanisms 


14 PocketLens: Toward a personal recommender system 
Bradley N. Miller, Joseph A. Konstan, John Riedl 

July 2004 ACM Transactions on Information Systems (TOIS), volume 22 issue 3 


Full text available: pdf(1.10 MB) Additional Information: full citation, abstract, references, index terms



Recommender systems using collaborative filtering are a popular technique for reducing 
information overload and finding products to purchase. One limitation of current 
recommenders is that they are not portable. They can only run on large computers 
connected to the Internet. A second limitation is that they require the user to trust the 
owner of the recommender with personal preference data. Personal recommenders hold the 
promise of delivering high quality recommendations on palmtop computers, e ... 

Keywords: Collaborative Filtering, Peer-to-Peer Networking, Privacy, Recommender 
Systems 

15 Web and e-business application: An agreement centric access control mechanism for 
business to business e-commerce 

Victoria Ungureanu 

March 2002 Proceedings of the 2002 ACM symposium on Applied computing 

Full text available: pdf(556.10 KB) Additional Information: full citation, abstract, references, index terms

We argue that matrix-based models are inadequate for regulating business to business (or 
B2B, for short) e-commerce due to the diversity, complexity and potential large number of 
commercial agreements that have to be supported. To deal with these issues, we propose 
in this paper an agreement-centric access control model. The paper introduces the concept 
of communication agreement (CAR) as a means for specifying contractual terms, and 
presents the CAR enforcement mechanism. We explo ... 

16 Measuring and characterizing end-to-end Internet service performance 
Ludmila Cherkasova, Yun Fu, Wenting Tang, Amin Vahdat 

November 2003 ACM Transactions on Internet Technology (TOIT), volume 3 issue 4 


Full text available: pdf(1.41 MB) Additional Information: full citation, abstract, references, citings, index terms

Full text available: pdf(146 MB) Additional Information: full citation, abstract, references, index terms


Fundamental to the design of reliable, high-performance network services is an 
understanding of the performance characteristics of the service as perceived by the client 
population as a whole. Understanding and measuring such end-to-end service performance
is a challenging task. Current techniques include periodic sampling of service characteristics 
from strategic locations in the network and instrumenting Web pages with code that reports 
client-perceived latency back to a performance server. Li ... 

Keywords: End-to-end service performance, QoS, network packet traces, passive 
monitoring, reconstruction of web page composition, web site performance 


17 P6: Document-based inter-organizational information exchange 
Reinhard Riedl 

October 2001 Proceedings of the 19th annual international conference on Computer 
documentation 

Full text available: pdf(217.62 KB) Additional Information: full citation, abstract, references, index terms

In this paper, we present our research work on document services for interstate
e-government carried out in the FASME project. First, we depict the background for our
research and we describe its basic challenges. Then we discuss the required services out of 
the perspective of inter-organizational document services and documentation issues. From 
the evaluations of our prototypical implementation with user groups, we may conclude that 
interstate e-government services are feasible and that life w ... 

Keywords: e-government, inter-organizational work-flows 


18 Posters: OpenMVC: a non-proprietry component-based framework for web 
applications 

Ronan Barrett, Sarah Jane Delany 

May 2004 Proceedings of the 13th international World Wide Web conference on 
Alternate track papers & posters 

Full text available: pdfd 58.98 KB) Additional Information: full citation, abstract, references, index terms

The lack of standardised approaches in the development of web-based systems is an
ongoing issue for the developers of commercial software. To address this issue we propose
a hybrid development framework for web-based solutions that combines much of the best 
attributes of existing frameworks but utilises open, standardised W3C technologies where 
possible. This framework called openMVC is an evolution of the Model-View-Controller 
(MVC) pattern. An implementation of openMVC has been built over a 5 ... 

Keywords: MVC, W3C, XML, XML schema, XSLT, frameworks, patterns, web services 


19 Server performance and scalability: Challenges and practices in deploying web 
acceleration solutions for distributed enterprise systems 

Wen-Syan Li, Wang-Pin Hsiung, Oliver Po, Koji Hino, Kasim Selcuk Candan, Divyakant Agrawal 
May 2004 Proceedings of the 13th international conference on World Wide Web 

Full text available: pdf(6.61 MB) Additional Information: full citation, abstract, references, index terms

For most Web-based applications, contents are created dynamically based on the current 
state of a business, such as product prices and inventory, stored in database systems. 
These applications demand personalized content and track user behavior while maintaining 
application integrity. Many of such practices are not compatible with Web acceleration 
solutions. Consequently, although many web acceleration solutions have shown promising 
performance improvement and scalability, architecting and engin ... 

Keywords: application server, dynamic content, edge server, fragment, j2ee, reliability,
scalability, web acceleration


20 DHTTP: an efficient and cache-friendly transfer protocol for the web

Michael Rabinovich, Hua Wang 

December 2004 IEEE/ACM Transactions on Networking (TON), Volume 12 issue 6 

Full text available: pdf(487.71 KB) Additional Information: full citation, abstract, references, index terms

Today's HTTP carries Web interactions over client-initiated TCP connections. An important 
implication of using this transport method is that interception caches in the network violate 
the end-to-end principle of the Internet, which severely limits deployment options of these 
caches. Furthermore, while an increasing number of Web interactions are short, and in fact
frequently carry only control information and no data, TCP is often inefficient for short
interactions. We propose a new transfer prot ...

Keywords: HTTP protocol, interception caching, internet, web performance 